What Is Claimed Is; 



ORACLE CONFIDENTIAL 



1 LA method for using query signatures to provide security for a 

2 database, comprising: 

3 receiving a query at the database; 

4 parsing the query to determine a signature for the query, wherein the 

5 signature specifies a structure based on operations for the query and is 

6 independent of the value of literals in the query; 

7 determining if the signature is located in a signature cache, which contains 

8 signatures for valid queries; and 

9 if so, processing the query. 



1 2. The method of claim 1, wherein if the signature is not in the 

2 signature cache, the method further comprises triggering a mismatch alert. 

1 3. The method of claim 2, wherein the mismatch alert throws an 

2 error. 



1 4. The method of claim 2, wherein the mismatch alert is sent to a 

2 database administrator and the query is processed. 

1 5. The method of claim 2, wherein the mismatch alert is sent to a 

2 requesting application, thereby allowing the requesting application to take action. 
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1 6. The method of claim 1, wherein the signature cache is initialized 

2 by recording signatures of valid transactions during a system initialization 

3 operation. 

1 7. The method of claim 1 , wherein if the signature generates a 

2 mismatch alert and if the query is a valid query, the method further comprises 

3 allowing a database administrator to add the signature to the signature cache. 

1 8. A computer-readable storage medium storing instructions that 

2 when executed by a computer cause the computer to perform a method for using 

3 query signatures to provide security for a database, the method comprising: 

4 receiving a query at the database; 

5 parsing the query to determine a signature for the query, wherein the 

6 signature specifies a structure based on operations for the query and is 

7 independent of the value of literals in the query; 

8 determining if the signature is located in a signature cache, which contains 

9 signatures for valid queries; and 

1 0 if so, processing the query. 

1 9. The computer-readable storage medium of claim 8, wherein if the 

2 signature is not in the signature cache, the method further comprises triggering a 

3 mismatch alert. 

1 10. The computer-readable storage medium of claim 9, wherein the 

2 mismatch alert throws an error. 
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1 11. The computer-readable storage medium of claim 9, wherein the 

2 mismatch alert is sent to a database administrator and the query is processed. 

1 12. The computer-readable storage medium of claim 9, wherein the 

2 mismatch alert is sent to a requesting application, thereby allowing the requesting 

3 application to take action. 

1 13. The computer-readable storage medium of claim 8, wherein the 

2 signature cache is initialized by recording signatures of valid transactions during a 

3 system initialization operation. 



1 14. The computer-readable storage medium of claim 8, wherein if the 

2 signature generates a mismatch alert and if the query is a valid query, the method 

3 further comprises allowing a database administrator to add the signature to the 

4 signature cache. 

1 1 5. An apparatus for using query signatures to provide security for a 

2 database, comprising: 

3 a receiving mechanism configured to receive a query at the database; 

4 a parsing mechanism configured to parse the query to determine a 

5 signature for the query, wherein the signature specifies a structure based on 

6 operations for the query and is independent of the value of literals in the query; 

7 a matching mechanism configured to determine if the signature is located 

8 in a signature cache, which contains signatures for valid queries; and 

9 a processing mechanism configured to process the query. 
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1 1 6. The apparatus of claim 1 5, further comprising a triggering 

2 mechanism configured to trigger a mismatch alert. 

1 1 7. The apparatus of claim 1 6, wherein the mismatch alert throws an 

2 error. 

1 18. The apparatus of claim 16, wherein the mismatch alert is sent to a 

2 database administrator and the query is processed. 

1 19. The apparatus of claim 16, wherein the mismatch alert is sent to a 

2 requesting application, thereby allowing the requesting application to take action. 

1 20. The apparatus of claim 1 5, further comprising a recording 

2 mechanism configured to record signatures of valid transactions during a system 

3 initialization operation. 

1 21. The apparatus of claim 15, further comprising an adding 

2 mechanism configured to allow a database administrator to add the signature to 

3 the signature cache if the signature generates a mismatch alert and if the query is a 

4 valid query. 
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